Another Java security baseline update (ColdFusion, Railo and others)

There’s just been another release of Java 6 that is relevant for the security of your ColdFusion or Railo servers (but also for anything and anyone else running a Java-based server or client product).

After having pushed out Update 39 just recently, Oracle has released Java 6 Update 41 (also known as JDK 1.6.0_41) and it has become the new security baseline version for Java 6. You will find a more thorough description of the details and what specifically got fixed in the Critical Patch Update document. It’s important to realise that this patch deals with 5 issues, 4 of which are vulnerabilities when running Java as a client. Most likely those wouldn’t be very relevant for you unless you’re running Java client apps via the browser (as applets) or Java Web Start from your server.

One might argue that under those circumstances it might be the better option to just wait for Adobe to move and jump from whatever version of Java 6 you’re on to Java 7 right away (to stay within a supported line of technology from a JVM point of view).

When it comes to Railo 4, I don’t see a particular showstopper if you want to use Java 7 right away. It might be worthwhile to double-check on the Railo mailing list though before you throw it on a production server 🙂
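
To see where a given server stands against the Java 6 baseline mentioned above (Update 41), the following added example, which is not part of the original post, compares a JVM version string with 1.6.0_41. The function names and the sample `java -version` output are constructed for illustration; versions outside the Java 6 line are only flagged, since the post gives no baseline for them.

```shell
#!/bin/sh
# Added example: compare a JVM version string with the Java 6 security
# baseline named in the post (Update 41, i.e. 1.6.0_41).
BASELINE_UPDATE=41

# Constructed sample of `java -version` output (build suffix is a placeholder).
SAMPLE_OUTPUT='java version "1.6.0_39"
Java(TM) SE Runtime Environment (build 1.6.0_39-bNN)'

# Pull the quoted version out of `java -version` output (first match only).
extract_version() {
    printf '%s\n' "$1" | sed -n 's/.*version "\([^"]*\)".*/\1/p' | sed -n '1p'
}

# Print one of: meets-baseline, below-baseline, other-line, unparsed.
check_baseline() {
    ver=$1
    case "$ver" in
        1.6.0)   upd=0 ;;                  # GA build, no update applied
        1.6.0_*) upd=${ver#1.6.0_}
                 upd=${upd%%[!0-9]*} ;;    # drop suffixes such as -b02
        1.[0-9]*|[0-9]*) echo "other-line"; return 0 ;;  # not Java 6
        *)       echo "unparsed"; return 0 ;;
    esac
    if [ -z "$upd" ]; then echo "unparsed"; return 0; fi
    # Strip leading zeros so that "05" is compared as 5.
    upd=$(printf '%s\n' "$upd" | sed 's/^0*//')
    if [ -z "$upd" ]; then upd=0; fi
    if [ "$upd" -ge "$BASELINE_UPDATE" ]; then
        echo "meets-baseline"
    else
        echo "below-baseline"
    fi
}

# Check the locally installed JVM, if any (java -version writes to stderr).
if command -v java >/dev/null 2>&1; then
    live=$(java -version 2>&1 || true)
    echo "local JVM: $(check_baseline "$(extract_version "$live")")"
fi
```

ColdFusion and Railo may run on a bundled JVM rather than the one on the `PATH`, so feed `check_baseline` the version reported by the server itself where the two differ.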